SSH Proxy Connections

Session User (LDAP/AD User) Connection

If both the target systems and Kron PAM are integrated with LDAP/AD, users can log in to target systems with their LDAP/AD credentials. This feature can also be used when the username and password of a Kron PAM user are configured as an account with the same username and password in the target system. This user is called a Session User.

If there are no credentials configured for the device group (such as Manual Login, Direct Credential Username/Password, Vault, or Assigned Credentials), Kron PAM logs into the target device as an LDAP user. If any of the credential methods mentioned above are configured, Kron PAM will establish the connection with the configured method.

Kron PAM allows the selection of the authenticated user that will be able to connect to the target devices. This is explained in the following section. Even if any of the methods mentioned above is configured for the connection, a Session User can be added as a choice. Please refer to the Multiple User Selection in RDP Proxy section for configuration details.

Some remote devices require FQDN addresses in addition to a username. In this case, the useEmailAsUsername property key should be set to true in the device group properties, so that both are used to log in to target devices.

If the target device requires FQDN addresses, the following configuration is required, in addition to the session user property:

  1. Navigate to Devices > Device Groups.
  2. Click the device group and select the Properties option.
  3. Click the Edit and Next buttons.
  4. Select the Custom Properties.
  5. Create the useEmailAsUsername property with the value true.
  6. Save.
Device Group Properties Configuration to Use Domain User Credentials to Log In